Create User Account using useradd/adduser commands in Linux

|
Last Updated:
|
|

In this tutorial, you will learn how to create user account using useradd/adduser commands in Linux. User management is one of the most common task in Linux system administration. Creating users, setting up their environments, setting passwords, managing their groups, deleting users etc are all tasks surrounding user management in Linux. Having the ability to manage users in LInux is one of the most paramount basic skill in Linux administration.

Create User Account using useradd/adduser commands in Linux

Note that user account management in Linux requires elevated privileges; the use of root account or a standard account with sudo rights.

Below is what we are going to cover in regards to user account creation in Linux;

Creating User Accounts using useradd/adduser commands in Linux

There are various way in which you can create user accounts in Linux. If you are using desktop based system, you can do user account creation from the GUI (or console if you want), while on the headless servers you can do user account creation from the console, here in called the terminal. In this tutorial, we will focus on creating user management in Linux from terminal.

Linux provides various commands for creating user accounts, with the most common ones being useradd and adduser utilities.

Using useradd command in Linux

The command line syntax for useradd utility is;

useradd [-c comment] [-d home-dir] [-e expire-date] [-f inactive-days] [-g default-group] [-G group[,...]] [-m [-k skeleton-dir] | -M] [-p password] [-s shell] [-u UID [-o]] [-r] [-N] username

In its simplest form, you would simply run the useradd as shown below to create a user;

useradd USERNAME

For example, to create an account for user johndoe;

useradd johndoe

This creates a user account with the default options defined on the /etc/login.defs file. You can view the defaults from the passwd database. The useradd command default options are also defined in /etc/default/useradd file.

getent passwd johndoe
johndoe:x:1002:1002::/home/johndoe:/bin/sh

By default, a group will also be created for the new user with the same group ID (GID) as user ID (UID) and same group name as username;

getent group johndoe
johndoe:x:1002:

You can pass multiple options to the useradd utility to customize your user account during creation. For example, see the command below;

useradd -m -c "Jane Doe" -s /bin/bash -g level1 -G level1,level2 janedoe

Where the options:

  • -m: tells the useradd command to create user’s home directory (/home/janedoe).
  • -c: defines a short description of the user, and is currently used as the field for the user’s full name (Jane Doe).
  • -s: defines a custom user’s login shell, bash is used above. Check /etc/login.defs for the default value, usually /bin/sh
  • -g: defines a custom primary group for user instead of creating a group similar to login name (username). The group must already be existing.
  • -G: adds a user to additional groups specified. Groups must also be already existing.

To list the default options defined on the useradd defaults file, /etc/default/useradd;

useradd -D

For a complete description of other command line options, refer to man useradd.

Using adduser command in Linux

adduser command, unlike useradd command, helps you to interactively add user account to your linux system. You would simply execute it from your Linux terminal as follows;

adduser <username>

For example, to create a user called janedoe;

adduser janedoe

On Debian based systems, this command will run interactively asking you about various details about the user;

Adding user `janedoe' ...
Adding new group `janedoe' (1002) ...
Adding new user `janedoe' (1001) with group `janedoe' ...
Creating home directory `/home/janedoe' ...
Copying files from `/etc/skel' ...
New password: 
Retype new password: 
passwd: password updated successfully
Changing the user information for janedoe
Enter the new value, or press ENTER for the default
	Full Name []: Jane Doe
	Room Number []: 
	Work Phone []: 
	Home Phone []: 
	Other []: 
Is the information correct? [Y/n] y

Both adduser and useradd commands copies the initial user profile/environment settings defined under the /etc/skel directory to the user login/home directory.

By default, adduser command uses the default settings defined under /etc/adduser.conf file.

You can specify various options on the command line;

adduser --home /home/janedoe --shell /bin/bash --gecos "" janedoe

On RHEL derivatives, the adduser command is a symbolic link to useradd command and will just run non-interactively as useradd command.

ls -alh /usr/sbin/adduser
lrwxrwxrwx. 1 root root 7 Nov  8  2019 /usr/sbin/adduser -> useradd

Setting User Account Password in Linux

Before a user account becomes usable, you need to have set a password for it. useradd command doesn’t prompt for password. adduser command however, prompts you to set the password.

You can set/reset user account password using passwd utility.

As as administrator/super user (root), you can set user password as simple as executing the command;

passwd username

There are other account details you can control using the passwd utility. Read more on man passwd about the command line options.

As a standard user, you can only reset your own password. While resetting a password, you need to supply your old password.

With useradd command, you can specify your password on the command line using the -p ENCRYPTED_PASSWORD option.

You can generate an encrypted password using openssl or other tools such as crypt.

See example command below to use openssl with passwd command to generate encrypted password.

openssl passwd password

This will generate an hash for password password.

QqjgPLfXQD8Zk

You can then pass this to -p option as the hash;

useradd -m -p QqjgPLfXQD8Zk username

You can simply achieve this using one command;

useradd -m -p $(openssl passwd password) username

Viewing User Account Information in Linux

There are two files that stores user information records in Linux;

  • /etc/passwd: Stores general user information such as username, user ID, group ID, location of home directory, login shell, the Geckos information. The file can be read by standard users.
  • /etc/shadow: Stores user password information such as expiry date, the password hash…The file cannot be read by standard users.

Viewing General User Account Information

To view the general user information from the passwd database, use the getent tool.

getent passwd

This will list all the users and their account information. If you want to view specific user account information, you can grep the user or simply pass the username as the argument.

getent passwd | grep janedoe

or

getent passwd janedoe
janedoe:x:1002:1002::/home/janedoe:/bin/bash

Where:

Field No.FieldDescription
1janedoeAccount username
2xletter x is a placeholder for user’s encrypted password which is stored in shadow file.
31002User ID
41002Group ID
5(blank)This field should contain general user information (GECOS) such as real name (Jane Doe), phone number, location
6/home/janedoeThis is the home directory for the user
7/bin/bashThis is the shell assigned to the user

Viewing User Account Password Information in Linux

To view user’s password information, you can similarly read from the shadow database using the getent command.

getent shadow janedow
janedoe:!!:18478:0:99999:7:::
Field NoField ValueDescription
1janedoeAccount Username
2!!/!/*/blank/
password hash
two exclamation marks (!!): No password set for the account
one exclamation marks (!): shows that the account is locked
an asterisk (*): Indicates that the account doesn’t accept login.
blank: The password has been deleted for the account and thus, you can login without being prompted for the password.
hash: An encrypted password has been set for the account
318478Last password change date. Expressed in number of days since 01/01/1970. Value of -1 means the feature is disabled.
40Number of days before password can be changes. 0 shows that password can be changed at any time.
599999How long in days after which the password must be changed. 99999 indicates that the account doesn’t expire and hence the password can be kept for as many years.
67Number of warning days before a password expires. This show 7 days
7Number of days an account can stay after it has expired before it is disabled/deactivated completely.
8How long in days, since 01/01/1970 since the account is disabled

And that is how easy it is to create and view user account information in Linux.

The commands that we used in this tutorial, supports other wide number of command line options. Be sure to check the man pages of each individual command to get a comprehensive description of these options.

Reference

  • man useradd
  • man adduser
  • man passwd

Using Find Command to Search for Files and Directories in Linux

Delete Lines Matching a Specific Pattern in a File using SED

Delete Lines Matching Specific Pattern in a File using VIM

How to check Hardware information, block devices and filesystems on a Linux System

Viewing System Processes using ps and top commands

SUPPORT US VIA A VIRTUAL CUP OF COFFEE

We're passionate about sharing our knowledge and experiences with you through our blog. If you appreciate our efforts, consider buying us a virtual coffee. Your support keeps us motivated and enables us to continually improve, ensuring that we can provide you with the best content possible. Thank you for being a coffee-fueled champion of our work!

Photo of author
gen_too
Co-founder of Kifarunix.com, Linux Tips and Tutorials. Linux/Unix admin and author at Kifarunix.com.

Leave a Comment